The power/electrical sector is crucial because it enables all critical infrastructure for the smooth functioning of a society. Given its significance, it is also on the radar of several cybercrime groups. The effects of cyberattacks on electrical infrastructure are far-reaching and impact public safety and national and economic security. Research from security firm Recorded Future recently found a China-linked threat actors group dubbed RedEcho, targeting 12 Indian organizations, 10 of which are in the power sector.
Here’s what Dick Wilkinson, Chief Technology Officer, New Mexico Judicial Information Division, has to say about cyberattacks on power companies:
“The threat of major public systems like electricity and water being attacked by nefarious cyber actors has been a popular science fiction theme for the past 30 years. This kind of threat is no longer a fantasy and is happening today, meaning the future is now.
The ability to launch attacks against electrical systems has existed for quite some time. The political interest or risk to launch these attacks was a bigger restraint than the technical ability of most countries or hacking groups. Critical infrastructure was also much more focused on analog controls and the systems were not as fully infiltrated by connected tech devices until the past decade. These two factors, politics and connectivity, have both moved in opposite directions over the past decade. As hacking news becomes commonplace and even very big attacks become part of the daily news cycle, threat actors are emboldened to cross lines they would not have in the recent past. The networks at risk have become more connected by several orders of magnitude and the attacks have become easier to launch, meaning proliferation to even more actors, not just large nation states. The intersection of these two trends brings us to the threat environment of today. We are in the infancy of this trend of attacks on infrastructure and the international political community will need to act very quickly to create sound legal frameworks to control this dark world of cybercrime as well as legitimate cyber military activity.”
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.